So I'm about to purchase a Raspberry/Banana Pi device to upgrade some features in my network routing. The thing is I'm concerned because there is only one NIC [Gigabit]. I was thinking either pump traffic in and back out [assigning 2 IPs to that one NIC] or just make a virtual NIC for traffic routing and point inward/outward traffic to its destination...
The Pi device is then plugged into the switch and voilà.

Ok, so my traffic peaks at about 10-12MB/s at the WAN side. My question is: which setup would most likely give me the best performance [basically no reduction] for routing traffic? I'll be running pf, and wifi for an AP. I think the quad core ARM with that Gb NIC is plenty of power, I'm just curious about the software setup being the bottleneck. It may not even put a dent in it but I thought I would get some opinions. If you have a totally different idea I'm up for hearing it.

Any hints would be greatly appreciated.

Ghost

__________________
Support Free and Open Software: Join a Linux/BSD Users Group.

I don't know anything about the various Raspberry products, but if the models have both a wired NIC and a wireless NIC, they can act as routers between a wired subnet and a WiFi subnet.

If you want to route wired Ethernet, then a single NIC does not a router make, unless you implement a vlan(4) based infrastructure, and route via individual VLANs.

VLAN - IEEE 802.1Q - requires a central backbone device called, quite subtly, a managed switch. Unless your switch is in this class, you'll need to use a computer with at least two NICs. Managed switches come with administration and provisioning tools, so you would know if yours was in this class.

I'm new to this raspi thing, but I'm a Linux Desktop user and primarily FreeBSD for serving little LAN projects.

On this topic maybe I'm missing something. I looked up aliases and understand that an alias requires a different subnet which is perfect, as well as giving me a second network interface listing in ifconfig. So what is not allowing me to route from rl0 (Pub-IP)--->rl0_alias (10.0.0.1)?

If there is something fundamentally disallowing packets to be passed through the alias, I could understand, I just thought a situation similar to this might work. If not I can always use a USB NIC, I was just going for efficiency.


Quote:

I'm new to this raspi thing, but I'm a Linux Desktop user and primarily FreeBSD for serving little LAN projects.

I don't know anything about Raspberry platforms, and don't use Linux or FreeBSD. So all guidance here just comes from general Ethernet and TCP/IP networking knowledge.

Quote:

...I looked up aliases and understand that an alias requires a different subnet...

An alias address is just an extra IP address that a NIC will answer to. An individual NIC may have multiple aliases. Dozens. Hundreds. Thousands.

All an alias address will do is cause the NIC to respond to any Address Resolution Protocol ("ARP") query broadcast for that IP address on the local Ethernet segment.

Quote:

...giving me a second network interface listing in ifconfig...

While you may have an "alias" assignment variable for your rc.conf(8) configuration file, this isn't a separate NIC. It is merely an additional IP address the NIC will respond to.

In your post, you show a topology where two subnets share the same physical Ethernet segment, from the Modem (your ISP gateway router) to every device. There is no isolation between subnets -- they all share the same Ethernet network.

If you're planning to use this new device as a firewall, with set policies to enforce, your device and its policies can be bypassed merely by someone changing a device's IP address from one subnet to the other -- from an address on the 10.0.0.0/24 "inner" subnet to an address on the 192.168.1/24 "outer" subnet. That's all it takes to bypass your device.

The VLAN technology I mentioned in my post above is quite different -- untagged (standard Ethernet) ports assigned to unique VLANs on the switch are on separate Ethernet segments. Traffic is physically isolated.
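
The bypass described in the reply above, as an added example that is not part of the original thread: a Python check over an `arp -an` style neighbor snapshot that flags any host holding an address on the outer subnet of the shared segment. The subnets and `rl0` come from the posts; the MAC addresses, the allowed list and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Subnets named in the thread; both share one Ethernet segment.
INNER = ipaddress.ip_network("10.0.0.0/24")
OUTER = ipaddress.ip_network("192.168.1.0/24")

# Assumed: MACs allowed an outer-subnet address (ISP modem, the Pi's single NIC).
OUTER_ALLOWED = {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}

# Constructed sample in BSD `arp -an` format, not real capture data.
SAMPLE = """\
? (192.168.1.1) at 00:00:5e:00:53:01 on rl0 expires in 1100 seconds [ethernet]
? (192.168.1.2) at 00:00:5e:00:53:02 on rl0 permanent [ethernet]
? (10.0.0.1) at 00:00:5e:00:53:02 on rl0 permanent [ethernet]
? (10.0.0.21) at 00:00:5e:00:53:11 on rl0 expires in 300 seconds [ethernet]
? (192.168.1.50) at 00:00:5e:00:53:11 on rl0 expires in 1190 seconds [ethernet]
? (192.168.1.77) at 00:00:5e:00:53:12 on rl0 expires in 1000 seconds [ethernet]
? (10.0.0.99) at (incomplete) on rl0 expired [ethernet]
"""

ENTRY = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) on (?P<ifc>\S+)",
    re.I)


def parse(text):
    """Yield (ip, mac, interface); incomplete entries do not match."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["ifc"]


def audit(text):
    """Return {mac: reason} for hosts reachable without crossing the firewall."""
    seen = {}  # mac -> set of "inner"/"outer" labels
    for ip, mac, _ifc in parse(text):
        label = "inner" if ip in INNER else "outer" if ip in OUTER else None
        if label:
            seen.setdefault(mac, set()).add(label)
    findings = {}
    for mac, labels in seen.items():
        if "outer" in labels and mac not in OUTER_ALLOWED:
            findings[mac] = ("moved from inner to outer subnet"
                             if "inner" in labels else "unexpected host on outer subnet")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A neighbor table only lists hosts the machine has exchanged traffic with, so an empty result does not show that the subnets are isolated.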